DPDK usage discussions
From: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>
To: Дмитрий Степанов <stepanov.dmit@gmail.com>
Cc: Steffen Weise <stweise.linux@gmail.com>, users@dpdk.org
Subject: Re: Find all matches with DPDK ACL
Date: Fri, 26 Nov 2021 17:12:32 +0300
Message-ID: <20211126171232.401fefca@sovereign>
In-Reply-To: <CA+-SuJ1HQTHKYeTbTGDVYvdnvo9DMV1DwekKCEAvtiFC8mQbSg@mail.gmail.com>

2021-11-26 16:53 (UTC+0300), Дмитрий Степанов:
> Hi!
> I have a big number of IPv4 5-tuple rules, every rule corresponds to some
> action. I need to find all matched rules and perform all tied actions.

I rather meant the subject field,
like splitting the flows or access control is a typical application of ACL.
I'm asking partially out of curiosity,
but also because there may be a better solution than DPDK ACL.

> The search time greatly affects overall system performance, so I can't just
> scan all rules. ACL is based on multi-bit tries and provides great
> performance, so I'm looking for nearly the same performance with the
> ability to find all matches within a single request.

Some regex libraries, Hyperscan or DPDK regexdev in particular,
take a database of rules, compile it to an efficient form
(Hyperscan generates vector instructions, regexdev may use HW acceleration),
and then allow matching input against the entire database in a single request,
yielding every match for every expression.

From my experience, performance is decent,
but of course it depends on the number of rules and their complexity.
How many rules do you have?
How many rules are expected to match (avg/max)?
How often do you need to insert/delete/update rules?
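
Added example, not part of the original message and not code from DPDK or Hyperscan: one way to express IPv4 5-tuple rules as patterns for the kind of multi-pattern regex database described above, where a lookup returns every matching rule. The 104-character bit-string key, the function names and the sample rules are assumptions; Python's `re` stands in for the regex engine and tries the rules one after another, so this shows the rule encoding and the all-matches result, not the performance of a compiled database.

```python
import ipaddress
import re

def bits(value, width):
    return format(value, "0%db" % width)

def prefix_re(cidr):
    """IPv4 prefix -> fixed leading bits followed by wildcard bits."""
    net = ipaddress.ip_network(cidr)
    return bits(int(net.network_address), 32)[:net.prefixlen] + "[01]{%d}" % (32 - net.prefixlen)

def range_re(lo, hi, width=16):
    """Port range -> alternation of aligned power-of-two blocks covering [lo, hi]."""
    alts = []
    while lo <= hi:
        size = lo & -lo if lo else 1 << width  # largest block aligned at lo
        while size > hi - lo + 1:              # shrink until it fits the range
            size >>= 1
        free = size.bit_length() - 1           # number of wildcard bits in the block
        alts.append(bits(lo, width)[:width - free] + "[01]{%d}" % free)
        lo += size
    return "(?:" + "|".join(alts) + ")"

def rule_re(src, dst, sports, dports, proto):
    proto_re = "[01]{8}" if proto is None else bits(proto, 8)
    return prefix_re(src) + prefix_re(dst) + range_re(*sports) + range_re(*dports) + proto_re

def key(src, dst, sport, dport, proto):
    """Packet 5-tuple -> 104-character bit string scanned against the database."""
    ip = lambda a: bits(int(ipaddress.ip_address(a)), 32)
    return ip(src) + ip(dst) + bits(sport, 16) + bits(dport, 16) + bits(proto, 8)

def compile_db(rules):
    # One optional capture group per rule inside a lookahead: every rule is
    # tried at offset 0 and its group is set only if that rule matched.
    return re.compile("".join("(?=(%s)?)" % rule_re(*r) for r in rules))

def match_all(db, k):
    """Return the indexes of all rules that match key k."""
    return [i for i, g in enumerate(db.match(k).groups()) if g is not None]

RULES = [  # constructed sample rules: (src, dst, sport range, dport range, proto)
    ("10.0.0.0/8", "0.0.0.0/0", (0, 65535), (80, 80), 6),
    ("10.1.0.0/16", "192.0.2.0/24", (1024, 65535), (0, 1023), 6),
    ("0.0.0.0/0", "192.0.2.10/32", (0, 65535), (53, 53), 17),
    ("0.0.0.0/0", "0.0.0.0/0", (0, 65535), (0, 65535), None),  # catch-all
]
DB = compile_db(RULES)

if __name__ == "__main__":
    print(match_all(DB, key("10.1.2.3", "192.0.2.10", 40000, 80, 6)))
```
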
